b'                         UNITED STATES DEPARTMENT OF EDUCATION\n                                        OFFICE OF THE INSPECTOR GENERAL\n\n\n\n\n10/27/04\n\nINSPECTION ALERT MEMO\n\nTo:               William J. Leidinger\n                  Assistant Secretary for Management and\n                  Chief Information Officer\n\nFrom:             John P. Higgins, Jr.\n                  Inspector General\n\nSubject:          Review of the Department\xe2\x80\x99s Information Technology Shadow\n                  Investments (ED/OIG I13E0023)\n\nIn June, the OIG Inspection and Evaluation group began a study of the\nDepartment\xe2\x80\x99s \xe2\x80\x9cshadow IT investments\xe2\x80\x9d process, i.e., IT projects that were not\ncurrently part of the Department\xe2\x80\x99s capital planning process.1 The study was\nintended to identify the scope (number and dollar amount) of these investments,\nthe kinds of activities supported by these investments; and to determine the\nDepartment\xe2\x80\x99s processes and procedures for review and approval. As the\ninspection staff moved forward with their study, it became apparent that OCIO\xe2\x80\x99s\nIT Investment Management staff and OCFO were also gathering information on\nthese projects.\n\nThe results of the OCFO and ITIM inquiry were discussed at the September 29,\n2004 IRB meeting. At that meeting, the ITIM staff stated they had identified 249\npotential shadow investments that totaled $33.9M. ITIM staff stated they had\nreviewed 201 of the identified projects and now had included 42 of the projects\ntotaling $15.32M in the Department\xe2\x80\x99s Line of Business Enterprise Architecture.\nAdditionally, they stated that they had drafted and were circulating a consistent\ndefinition of \xe2\x80\x9cIT\xe2\x80\x9d for the purpose of tracking and appropriately managing the\nDepartment\xe2\x80\x99s IT portfolio. Because of the work undertaken by these two offices,\nwe refocused our inquiries solely on the issue of Department processes and\nprocedures for approving IT shadow investments\n\nOCIO provided the list of projects presented to the IRB to the OIG\xe2\x80\x99s Evaluation\nand Inspection group for review. As part of this review, my staff spoke to\n\n1\n OCIO describes shadow IT investments as IT systems that are not part of the Department\xe2\x80\x99s\ncapital planning process, Enterprise Architecture, or Information Assurance.\n\nOCIO further identified these investments by stating that they are funded by program dollars (not\nidentified with IT) and they may be housed and maintained at a contractor\xe2\x80\x99s site.\n                             400 MARYLAND AVE., SW., WASHINGTON, DC 20202-1510\n                                                www.ed.gov\n\n      Our mission is to ensure equal access to education and to promote educational excellence throughout the Nation.\n\x0c                                                                   ED/OIG I13E0023\n\n\nExecutive Officers and program managers throughout the Department who\nprovided input into what appeared on the list. They found that the executive\noffices that did not have members on the Planning and Investment Review\nWorking Group (PIRWG) did not have a basic understanding of the Department\xe2\x80\x99s\nITIM process. Given this lack of understanding, and the scope and size of the IT\ninvestments identified, we suggest that to complete this process, OCIO address\nthe following three issues:\n\n   1. While the ITIM staff has drafted a directive defining what is an IT\n      investment, they may want to take another look at their definitions before\n      proceeding farther. The Department may be unnecessarily expanding the\n      scope and complexity of what it is requiring to be reviewed. The Clinger-\n      Cohen Act defines IT to include computers, ancillary equipment software,\n      firmware and similar procedures, services (including support services),\n      and related resources. According to Clinger-Cohen, IT does not include\n      any equipment that is acquired by a federal contractor incidental to a\n      federal contract. However, according to OCIO, the Department\xe2\x80\x99s revised\n      definition will include IT investments residing at a contractor site. This\n      seems to be adding unnecessary complexity to the process.\n   2. OCIO needs to clearly identify, in a written policy, the roles and\n      responsibilities of all parties in this process, including the executive\n      officers and component level project managers. Once the policy is issued,\n      OCIO needs to engage in outreach to ensure that everyone who has a\n      role to play in this process understands his or her responsibilities.\n   3. Additional training and support materials need to be made available for all\n      participants. Up until this point, training has focused almost exclusively on\n      the project managers for the major IT investments. If the definition of who\n      needs to complete a business case is expanded, the training must be\n      expanded to include them. ITIM should also enhance the support\n      materials available to those involved in the investment review process.\n      The E & I staff looked for best practices in government that the ITIM team\n      could emulate. HUD\xe2\x80\x99s ITIM process guide provides an IT investment\n      selection process that includes providing IT managers, principal staff, and\n      other key stakeholders with training in IT initiative documentation and\n      sound project management practices. The training includes project\n      documentation requirements and standards that provide specific IT\n      investment information for OCIO to screen projects.\n\nI commend the initiative of the OCIO and OCFO staff in pursuing this issue. If\nyou agree with our suggestions for completing this process, please advise us of\nthe specific additional actions that you will be undertaking.\n\n\n\n\n                                        2\n\x0c'